Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

9 matches found

CVE•added 2008/05/13 5:20 p.m.•448 views

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

7.8CVSS6.3AI score0.06086EPSS

CVE•added 2008/05/05 4:20 p.m.•276 views

CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory...

4.6CVSS7.4AI score0.00513EPSS

CVE•added 2008/05/05 5:20 p.m.•272 views

CVE-2008-0599

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

10CVSS9.6AI score0.59272EPSS

CVE•added 2008/05/29 4:32 p.m.•119 views

CVE-2008-1105

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

7.5CVSS7.8AI score0.9044EPSS

CVE•added 2008/05/16 12:54 p.m.•100 views

CVE-2008-2136

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull ...

7.8CVSS5.9AI score0.14973EPSS

CVE•added 2008/05/07 9:20 p.m.•94 views

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protect...

9.8CVSS9.4AI score0.05915EPSS

CVE•added 2008/05/02 4:5 p.m.•72 views

CVE-2008-1375

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

6.9CVSS6AI score0.00048EPSS

CVE•added 2008/05/29 4:32 p.m.•67 views

CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

4.3CVSS8.1AI score0.22012EPSS

CVE•added 2008/05/16 12:54 p.m.•52 views

CVE-2008-2009

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

4.3CVSS6.5AI score0.0434EPSS